Would you like to learn how Privileged Account Management (PAM) systems should cover cloud environments? If so, please register for my September 17 webinar!
Title: The Expanding Universe of Privileges: Why Cloud PAM Matters (Webcast)
IT staff and developers have had to rework many business processes and applications to operate entirely online, and built up a lot of technical debt in the process. Sooner or later, they’ll need to re-architect and re-factor to reduce the… Continue reading
As the “COVID-19 shutdown” pushes businesses into what I call “forced digitalization” – with everyone teleworking – it could be easy for IT and security professionals to become all-consumed by basic operational issues. Just keeping the Virtual Private Networks (VPNs)… Continue reading
Shadow IT is an explosion of cloud computing adoption for business use by employees and groups with no IT involvement. Shadow IT can lead to unintended and undesirable security risks, compliance concerns and hidden costs. But through collaborative IT governance processes, it can also be made beneficial.
If business units are getting what they need in a manner that is quick, cost-effective and/or convenient, then what is wrong with shadow IT anyway? The problem is that although services unsanctioned by IT may satisfy an immediate need from one part of the business, they are not optimized to the all the needs – or risks – of the business.
Left unchecked, shadow IT can lead to higher costs and rising risks. The true cost of public cloud can ultimately become much higher than the nominal cost from providers as the IT organization or the business units struggle with integration, security, and other issues. Just like that higher cable TV bill that snuck up on me a few months ago, initial subscription discounts for shadow IT in the cloud can become false economies.
How Bad is It, Really?
According to the Oracle and KPMG Cloud Threat Report 2019, 92% of 450 IT and security respondents were concerned about shadow IT. Participants found that shadow IT had led to unauthorized use of data, introduction of malware, and other issues. Unfortunately, survey results also indicate policies against the use of unauthorized services are routinely flouted.
On the other hand, Entrust Datacard’s report, “The Upside of Shadow IT: Productivity Meets IT Security” report found that 77% of 1,000 respondents believed shadow IT can make businesses more competitive and that efforts to eradicate it could actually make it more prevalent even among IT users.
Rather than thinking of these as dueling reports we can see them meeting in the middle on the need for a governed enterprise multicloud offering. Facing a clear and present danger, businesses will often empower security to “come up with a strategy to control shadow IT.” However, security leaders should resist the temptation to come down too hard on the business with draconian policies. Instead they can engage the business leaders and help them understand risks and accountabilities. Continue reading
Identity Governance and Administration (IGA) and Privileged Account Management (PAM) need a makeover for cloud computing. During a recent consulting engagement, I took a deep dive into Cloud IGA and Cloud PAM. I’ll be sharing my perspectives over the next… Continue reading
Agile cloud security was on stage at #RSAC2016 where I came face to face with its practitioners already living the solutions to problems some of our clients are only now discovering. My favorite sessions – from Javier Losa and Iñigo… Continue reading
CASB as a market was born of Neil MacDonald’s Gartner research notes. It’s grown to comprise 20-30 very different types of vendors. According to MacDonald, the CASB crew is already pulling down an estimated $180 million in annual revenue.… Continue reading
The Cloud Access Security Broker (CASB) is an architectural concept become an over-sized security market category. Many of the pieces in the CASB model are necessary for coherent cloud security policy enforcement. But is a unified CASB solution as presently… Continue reading